The community site Web Hosting Talk is continuing to reel from what can only be described as a major blow. Just mere months after a previous 'sophisticated' hack and exploit against the site they were recently brought down as a result of their backup servers being maliciously attacked and their content being distributed around the internet.
Web Hosting Talk issued the following statement when the site became partially usable today after hours offline:
As reported yesterday, our recent downtime was due to issues with our backup servers followed by the corruption of some db tables from a hack attempt.
We've since learned that this very deliberate, sophisticated and calculated hack against Web Hosting Talk was carried out by gaining access to our offsite backup servers. From our backup servers, the hacker gained access to the WHT db server. The malicious attacker deleted all backups from the backup servers within the infrastructure before deleting tables from our db server. We were alerted of the db exploitation and quickly shut down the site to prevent further damage.
This individual is still in possession of our user table that includes all user names, email addresses and hashed passwords. Absolutely no credit card or PayPal data was compromised.
Passwords are hashed with salt. It would be an unprecedented event to reverse engineer our passwords. My concern is the distribution of your email addresses and the potential spam you may receive. We know the hacker has posted the user table containing email addresses to various places (file sharing sites) and we're working diligently to remove the tables as we find them. If you see the user table posted anywhere, please let us know so we can get it taken off line.
We are working on recovering the deleted data. In the meantime, we've restored to an old db. We cannot yet determine if we can restore to a more recent db backup.
Why the backup system was remotely accessible by remote sources, no one will ever know but a slashdot thread arose just earlier today in regards to the exploit. Many users highly recommended ensuring that the backup systems were not remotely accessible, encrypted if necessary and only given 'write' access by the main webserver. In my opionion, even giving access to the backup server by the webserver was a mistake in itself. In this particular scenario it appears that both systems were completely open to remote sources which was a definite oversight on the Webhostingtalk team's side.
Many of the frequent users of WebHosting Talk lashed out at for what was seen as sloppy management practices... there have been past sucessful attempts to hack the community:
You're comfortable knowing that there's hundreds/thousands of people sitting in front of their computers with a copy of your password, and every other members? I know I'm not. - One particularly annoyed member
My personal advice is that WHT should secure their stuff properly and not just backup to one location. - Captain Obvious
Saying "this is unforgivable" may sound too hard. But it really is. WebHostingTalk, a place where we often read "make backup of backup" got hacked and lost their only backup. Great. - Lulz
Welcome to the Internet. There's really no reason to make a huge issue out of this. Simply change your password(s) and move on.Can we just purge the entire forum? 90% of this crap is outdated anyway
As an additional note it appears that the the exploiters didn't even have to hack their backup servers at all, webhostingtalk was hosting their 'members' database right on their webserver according to a paste at Paste2. -- David
Fri, 27 March 2009, 02:07
Wow, this is very unfortunate for WHT.
But for them to focus on "trashing" Host Jury for keeping the public informed is a little ridiculous. It's a bit like politics, where you have to say when the other one is wrong, and not why you're the right one.
Oh well, it is what it is. Let's hope WHT can get themselves set back up, as this is incredibly unfortunate for them. But more importantly, I hope this drives more traffic to Host Jury! =)